Signatures carry a lot of value. They have been a handy tool for identity verification on documents and other paper based instruments. Signatures have a long history with their roots dating to 3000 – 2500 BC. During this time, Sumerians and Egyptians started using pictographs, a mix of pictures and symbols to convey a meaning. Early attempts to script a language date back to 1800 – 1200BC, when Phoenicians invented planet’s first script. By 1200 BC, Greeks added vowels to Phoenician script as the original script did not have any. At around 600BC, the Latin alphabet was developed from Greek alphabet which was used for many centuries throughout the world.

Signature of El Cidm (1040 – 1099), a Castilian nobleman and military leader in medieval Spain, is the one of earliest known signatures in human history. A signature is a handwritten name, nickname, a draw or just a mark that is stylized to be unique to an individual. Distinctiveness of handwriting and styling together render signatures as an individual characteristic, which is hard to imitate by others. Signature on a document implies that the signatory either approves or bears the responsibility of the content of the document. Signatures are used to authenticate or approve documents, transactions and other paper based instruments. They can be used to authenticate documents regardless their value or importance, so from low value to high value documents and transactions can be authenticated just with signatures. For example, a presidential order, which is a very important document, cannot be executed without signature of the president.

Image: Biometrically authenticated signature on electronic devices can be as good as hand written signature on paper.

But are signatures digitally significant?

Signatures have served as a proven method to authenticate identity; however, when it came to identity or document verification in digital world they just seemed very unsupportive. When signatures deserted, login ID and passwords saved the day and took over digital identity authentication. Contemporary technology during the early days of information technology was unable to support signature based digital authentication. And by the time the technology was available to use signatures as digital authentication method, login/passwords had already taken the job. Login ID and passwords offered a cheap and secure way to authenticate identity without the need of any additional hardware or software.

Passwords did the job very well. This knowledge based identity verification method was flexible enough to be changed when compromised or to increase complexity to enhance security. In 1990s, passwords seemed as if they were the ultimate tool for information security. However, with time and increasing numbers of threats, passwords alone seemed insufficient to safeguard information. Two-factor and multi-factor authentication, OTPs (One Time Passwords), Security Questions and methods like limiting the number of password entry attempts, etc. were deployed to enhance password based security.

Signatures for information security

Since signatures turned unfriendly for digital authentication, login ID and password were used to verify or authenticate identity in digital world. Signatures did a great job on papers but rendered helpless on email account login page. On the other hand, people could not put their password on a document to approve it, so authentication methods becomes exclusive to digital or non-digital purposes.

Signatures are great, you can use same signature to authenticate or approve different documents or execute different transactions, unlike passwords, which are considered to be safer when same password is not used anywhere else. Online safety experts urge users to use different passwords for different services. This practice safeguards other user accounts if one account information or password is compromised. Using different passwords on different services results in a lot of passwords to remember, let’s not forget security questions and password hints which can put additional burden on your memory. These many passwords results in identity chaos and can be frustrating at times.

Authenticating digital documents and transaction: where signatures get out of hand

What if you choose to write your signature on a document in digital form, e.g. a PDF document on your smartphone or tablet? Would not it be waste of time and resources to print it and then sign with a pen and re-scan it, while you could sign it right on the screen with a stylus or just with your finger? What could possibly go wrong by hand signing digital documents? Actually, a lot! If this approach was able to offer solution, it would have been implemented in the first place. The problem with this method is that it is very easy to imitate signatures and place it anywhere on the same and other documents and there is no way to verify that signature is from the actual signer or it was placed fraudulently.

However, we often see signatures placed digitally on some documents like invoices, bills and statement sent by email as PDF documents. These documents are generated electronically in controlled environment. The user who generated them, had privileges to do so with his or her User ID and password, making her liable for the content of the document. Signature image is preloaded in the software system which is automatically placed on the document. These signatures serve as electronic signatures as user who generated them had privileges to do so and software system should have audit trail of it. These signature images are placed on digital documents to make them look authentic and win customer confidence, as customers often tend to like signed documents. Even without the signature image, document will be considered electronically signed if generated in controlled environment.

Signing digitally is not what it sounds like

There are of course methods that have been developed to digitally sign the documents. Digital signature is one of such methods in which the signer is required to obtain a Digital Signature Certificate (DSC) from a Certifying Authority (CA), which is a trusted third-party entity that issues digital certificates for other parties. CA has to verify the identity and address of the signer before it issues a DSC. Digital Signature, however, is not same as electronic signature or e-signature, as they are popularly referred to.

According to the U.S. Federal ESIGN Act passed in 2000:

“An electronic signature is an “electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”

Image: Handwritten signatures can be verified biometrically by measuring physical activities while signing.

Any electronic data that carries the intent of a signature can be called electronic signature. Accepting a package delivery by signing on touch screen, checking “Accept” checkbox of online user agreement, etc. are some of the examples of electronic signatures. In some countries, electronic signatures do have a legal significance.

Looks good so far, but the original question is still unanswered, is it practically possible hand sign a digital document with authenticity and without the need of any controlled environment or digital signatures? Let’s find out.

Biometric signature verification: the missing link

Biometric signature verification can be the answer to all limiting factors of hand signing a digital document. There can be no other way as natural as signing by hand to authenticate a document, let it be digital or on a paper. By measuring unique biometric data that occurs during the signing process, such as the writing rhythm, movement, acceleration and pressure, a personal profile can be created and source of the signature (the signer) can be verified using this profile. A signer can be enrolled on the biometric verification system beforehand by taking multiple samples. The system can also take care of variations in signatures as well by mapping variations in enrollment samples. Signatures itself may be imitated but the way they are drawn cannot be, and this fact makes biometric signature verification superior. With biometric verification ability, signatures can be used across digital, non-digital or online identity verification. The verification system does not treat signatures as an image, rather the personal profile is created on the basis of physical characteristics like speed, rhythm, pressure, movement and acceleration during the signing process.

Applications of biometric signature verification

There are many processes and industry fronts where users need to authenticate their identity, sign documents or perform transactions.

Following are some of the applications where biometric signature verification can make a difference:

Finance and banking

Finance and Banking services require customers to authentication identity for various purposes like processing a request, taking a loan or making a transaction. Banks and financial institutions can make use of biometric signature verification to eliminate the possibility of fraud or identity theft during the authentication process. It can also replace manual application wherever a customer needs to present his or her signature. Biometric signature verification is faster and more efficient than manual method of signature verification and produce reliable results.

Government organizations

Biometric signature verification system can streamline operations at government outfits by expediting verification process. Not only the existing applications that require signature verification can be improved with biometric signature verification, but many other methods of authentication can also be replaced with biometric signature verification. Government setups generally deal with huge population and verification process takes significant amount of time, which can be reduced with biometric signature verification. It also eliminates possibility of identity fraud, which is more crucial to address in government outfits. The time claimed by user verification can be dramatically reduced using biometric signature verification.

Retail sector

Biometric signature verification can be used to reduce fraud while providing convenience for retail transactions. Many of the larger retail chains are choosing to biometrically verify customer signatures for payment authentication. Credit and debit card security has mostly been a tread off between security and convenience. Cards do have a signature portion on the back but that cashier may or may not compare it with what is presented on payment slip. The primary purpose of the signature is to strengthen the cardholder’s commitment to pay the bill. The retailer is obligated to keep the signed statement, or an electronic facsimile, to present to the customer if the charge is challenged. Biometric signature verification can dramatically improve the whole process and reduce the number of challenged payments and cases of fraud. Retail stores can electronically enroll their customers and verify them each time they make a purchase.

Online transactions

Online transactions traditionally require passwords for identity authentication, however passwords pose a considerable security risk as they can be guessed, shared and forgotten. Biometrically verified signatures can address the shortcomings posed by password based authentication and can provide a seamless user experience without compromising security. Biometric Signature Verification is the most natural solution to authenticate offline as well as online transactions, eliminating the need of different methods of authentication for different purposes.

Air travel

Verification of passenger identity is crucially important for safe air travel as mid-air incident can be life threatening for everyone on the flight. Passengers’ identity verification can be easily performed with biometrically verified signatures. With this form of identity verification, customers no longer need to carry identity cards or documents to prove their identity. Customers can be offered to enroll for the method on their first or subsequent air travels.

Conclusion

In a world that is increasing going digital, signatures have preserved their significance very well. Initially rendered as unusable for digital authentication, ability of biometric verification has made them a secure and efficient way to authenticate digital transactions as well as documents.

Unless signed in front of a verifier, there is absolutely no way to verify authenticity of a signature, because paper cannot measure physical features like rhythm, speed, pressure, acceleration, etc. applied while signing. But biometrics has made it possible to measure all these traits which are unique to an individual. Government as well as businesses can use biometric signature verification to cut waiting times and improve user experience. Biometric signature verification is a solution that can be used for both online and offline use cases, eliminating need to employ different methods for both the purposes. Biometric verification of a signature cannot be imitated even if an imposter is able to imitate signature itself, it is next to impossible to imitate exact physical characteristics in the tiny time frame of writing signatures.

About The Author

Danny Thakkar is the co-founder of Bayometric, one of the leading biometric solution providers in the world. He has helped large organizations like Pepsi, America Cares, Michigan State and many other medium and small businesses achieve their identity management needs. He has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals. Currently, he is chief evangelist for Touch N Go and blogs regularly at www.bayometric.com and www.touchngoid.com.